Ramirov
Beginner

BGP dual homing

Hello guys, I have a doubt: I have a public segment in my company and one router with connections to two ISPs.

I advertise the public network to both ISPs (ISP A and ISP B), but I want my clients on the Internet to reach me via ISP A. Which is the best way to do it? Using AS path prepending?

 

Thanks a lot!!

2 ACCEPTED SOLUTIONS
Julio E. Moisa
VIP Mentor

Hi,

Well, the traffic for TCP packets should be symmetric, so I suggest using Local Preference or Weight to receive prefixes and using AS-Path with the lowest AS path prepend to indicate the preferred path to your clients or external networks.

 

Primary ISP

Local Preference / Weight - highest

AS Path prepend - lowest

Secondary ISP

Local Preference / Weight - lowest

AS Path prepend - highest

 

Hope it is useful

 

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

Diana Karolina Rojas
Cisco Employee

Hello Ramiro!

 

Yes, I definitely think that the best option to manipulate the inbound internet traffic is through AS PATH, and that is because you are using different service providers; in case you are using the same SP, the best option is to use MED (Multi Exit Discriminator).

Another thing you can do (assuming you have a network larger than /24, like /23 or /22) is to split off that network and publish the first subnet with better AS PATH in one SP and the other to the second SP; that way you can have inbound load-balanced traffic but organized: all the services with IPs from the first pool may come in from one SP, and the other services may use the other link (when doing this kind of thing I always recommend to keep publishing the larger /23 or /22 network through both SPs to guarantee the complete service when one link comes down).

*** Please don't forget to rate / mark as solutions useful posts, your recognition promotes our participation ***

 

Best Regards,


9 REPLIES

Thanks Diana and Julio :D

Hello Ramirov,

 

I'll add something additional here so you take this into account as well, because everything related to BGP and the Internet doesn't usually work the way you expect or would want it to.

 

Although BGP has a lot of knobs you can tweak, the vast majority of them are not required to be honored. BGP is mainly governed by "Internet Politics"; you might find yourself in a situation where you prepend a lot towards one ISP (so you de-prefer it), but you do still get traffic from that ISP.

 

A lot of ISPs (and networks with several BGP connections) put in place policies that ignore the AS_PATH and rather follow their internal decisions (which are most of the time derived from business requirements, costs). For instance, it's quite common that this kind of policy is used:

 

(In order of preference)

1.- Prefer customer routes
2.- Prefer routes learnt via a public IXP
3.- Prefer routes learnt via settlement-free peering
4.- Prefer routes via paid peering
5.- Prefer routes via transit peers (other ISPs)

 

So, if your ISP follows this kind of policy and your base customers are mainly located at said ISP or at an ISP that <prefers> that ISP, you'll still get traffic from both providers.

 

Say you have 10.0.0.0/23
ISP_A = No Prepend
ISP_B = Prepend 3x

 

You are a customer of ISP_B and the customers you have are connected via ISP_B or via another ISP (let's call it ISP_C) whose internal policies prefer ISP_B no matter what. In this scenario, no amount of prepend will make you get 100% traffic via ISP_A.

 

Unless you de-aggregate at the /24 boundaries just like Diana mentioned to you (because over the internet you can't publish anything that's smaller than a /24). So you'd send:

ISP_A: 10.0.0.0/24, 10.0.1.0/24, 10.0.0.0/23 
ISP_B: 10.0.0.0/23

 

The /24s being more specific, they take precedence over the /23, so ISP_B under normal conditions (ISP_A is up) would -usually- never get traffic, and I say usually because there are some really, really uncommon ways (as in, not usually used and requiring several things to be in place) to also skip over this, but it is quite rare and is almost guaranteed never to happen.

 

The /23 is there on both to guarantee that in case of failure from ISP_A, ISP_B keeps you up.

 

 

I hope this was clear to you.

Regards, 

Hey Rafael, thank you very much, that was a great explanation!! But in the case that you said

 

"You are a customer of ISP_B and the customers you have are connected via ISP_B or via another ISP (let's call it ISP_C) whose internal policies prefer ISP_B no matter what. In this scenario, no amount of prepend will make you get 100% traffic via ISP_A."

 

There is a routing loop because when ISP_B receives the traffic destined to my public segment, it would try to reach it again via ISP_C because it has the best route to reach me pointing to ISP_C, due to the prepend.

 

Maybe I am wrong but I see that.

 

Let me elaborate more, maybe I wasn't clear enough.

 

You are a customer of ISP_B and the customers you have are connected via ISP_B or via another ISP (let's call it ISP_C) whose internal policies prefer ISP_B no matter what. In this scenario, no amount of prepend will make you get 100% traffic via ISP_A

 

I added two potential cases here:

 

A.- You have a customer who is also a customer of ISP_B. If ISP_B has such policies, even if this ISP sees a better path (in terms of the AS_PATH length) via ISP_A, it'll prefer the path directly published by you to it. The traffic flow will be CUSTOMER -> ISP_B -> You

B.- You have a customer who is a customer of ISP_C. This ISP has other connections, maybe one to ISP_A as well; however, the internal policies of ISP_C say "prefer ISP_B always". In this case the traffic will be: CUSTOMER -> ISP_C -> ISP_B -> You

 

I am talking about inbound traffic only towards your network by the way; outbound (from you to the world) is quite a different thing because you have more control here (which ISP I use). Asymmetric routing is quite common over the internet and is due to this fact about everything being controlled by politics first, technical requirements later.
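
An added example, not part of the original posts: a simplified model of ISP_C's route selection (highest LOCAL_PREF, then shortest AS_PATH, forwarding by longest-prefix match) applied to the prepend scenario and the /24 de-aggregation described in the two replies above. The AS numbers, the LOCAL_PREF values and the assumption that ISP_C hears the /24s only via ISP_A are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: documentation ASNs, not taken from the thread.
CUST, ISP_A, ISP_B = 64496, 64500, 64501

@dataclass(frozen=True)
class Route:
    prefix: str       # announced prefix
    via: str          # neighbor ISP_C learned the route from
    as_path: tuple    # AS_PATH as received
    local_pref: int   # assigned by ISP_C's own import policy

def best_paths(routes):
    """Per prefix: highest LOCAL_PREF wins; AS_PATH length only breaks ties."""
    best = {}
    for r in routes:
        cur = best.get(r.prefix)
        key = (r.local_pref, -len(r.as_path))
        if cur is None or key > (cur.local_pref, -len(cur.as_path)):
            best[r.prefix] = r
    return best

def next_hop(routes, dst):
    """Forward on the longest matching prefix among the per-prefix best paths."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in best_paths(routes).values()
            if addr in ipaddress.ip_network(r.prefix)]
    if not hits:
        return None
    return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen).via

def isp_c_view(deaggregate=False, isp_a_up=True, lp_b=200):
    """Constructed routing table of ISP_C; lp_b=200 models 'prefer ISP_B always'."""
    routes = [Route("10.0.0.0/23", "ISP_B", (ISP_B,) + (CUST,) * 4, lp_b)]  # prepend 3x
    if isp_a_up:
        routes.append(Route("10.0.0.0/23", "ISP_A", (ISP_A, CUST), 100))
        if deaggregate:  # the /24s are announced to ISP_A only
            routes += [Route(p, "ISP_A", (ISP_A, CUST), 100)
                       for p in ("10.0.0.0/24", "10.0.1.0/24")]
    return routes

if __name__ == "__main__":
    cases = {"prepend, neutral policy": dict(lp_b=100), "prepend only": {},
             "with /24s": dict(deaggregate=True),
             "ISP_A down": dict(deaggregate=True, isp_a_up=False)}
    for name, kw in cases.items():
        print(f"{name:24} -> {next_hop(isp_c_view(**kw), '10.0.1.5')}")
```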

Hi Rafa, thanks for jumping in and for providing assistance.

It's great to read you again in the Cisco Community 

Hi, thanks, I'm glad to be helpful. 

You are clear Rafael , thank you very much!
